Wednesday, 6 April 2016

How to remediate the logjam vulnerability with IIS

The logjam attack is conducted by downgrading the key strength used in the TLS connection using a man-in-the-middle style attack.

This happens when the server/client is negotiating which cipher suites should be used - the MiTM attack occurs when sending a list of supported cipher suites back to the server - the attack attempts to remove all of the strong cipher suites - leaving less secure / vulnerable cipher suites present.

Although unfortunately (to my knowledge) it is not possible to increase the DH key size on Windows - so instead we should disable all Ephemeral Diffie-Hellman (DHE) cipher suites.

Fortunately this is fairly simply to do - we should firstly open up the local group policy console:

gpedit.msc

Then expand: Computer Configuration >> Administrative Templates >> Network >> SSL Configuration Settings.

Now double click the 'SSL Cipher Suite Order' setting and remove any DH or DHE entries from the string (i.e. cipher suites beginning with 'TLS_DHE'.)

For example on a Windows Server 2008 R2 system it looked like as follows upon removal of the cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5

Restart the server and re-check the server.

0 comments:

Post a comment